IBM Support

HPDRG0201E Error code 0x71 after ITAM 6.0 Fixpack upgrade

Technote (troubleshooting)


After upgrading to Fixpack 23 or above, WebSEAL fails to start with this error:

2012-05-01-11:35:31.468-05:00I----- 0x16B480C9 webseald ERROR rgy ira ira_handle.c 430 0x00000001
HPDRG0201E Error code 0x71 was received from the LDAP server. Error text: "SSL initialization call failed".


APAR IZ50239
Symptom: WEBSEAL process inherits root user group membership



Diagnosing the problem

The SSL to LDAP KDB and STH file was owned by root, which is a security vulnerability.

Resolving the problem

No files should be owned by root, however, a bug was discovered and fixed in Fixpack 23 for Access Manager 6.0 that allowed WebSEAL to read files owned by root. When upgrading, the KDB and STH files, which had permissions root:system caused WebSEAL to not to start.

In this case, the files ownership was changed to ivmgr:ivmgr, which solved the issue.

Product Alias/Synonym


Document information

More support for: IBM Security Access Manager for Web

Software version: 6.0

Operating system(s): Platform Independent

Reference #: 1606846

Modified date: 26 June 2014

Translate this page: